One Person Company
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is clearly about an external AI-agent platform, but it asks for an API key while advertising autonomous multi-agent workflows and persistent memory without explaining the boundaries or user controls.
Review the provider’s documentation before installing. Pay special attention to what the API key can do, whether workflows can run autonomously, what data is stored in memory, how to delete retained context, and whether agent-to-agent sharing can expose sensitive business information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The connected platform may be able to run or delegate work beyond a single explicit user request if configured that way.
The skill explicitly advertises autonomous multi-agent execution, but the artifact does not describe approval gates, stopping conditions, task boundaries, or containment for autonomous activity.
multi-agent orchestration, task management, and autonomous workflow execution
Before using it, verify how autonomous workflows are started, paused, reviewed, and limited, and avoid granting it authority over sensitive business systems until those controls are clear.
Sensitive business or personal context could be retained and reused in later sessions in ways the user may not expect.
Persistent memory is disclosed, but the artifact does not explain what is stored, where it is stored, how long it is retained, whether users can delete it, or how future tasks avoid over-trusting stale or poisoned context.
**Memory** — Persistent context across sessions
Check the service’s memory settings, retention policy, deletion controls, and data-sharing behavior before allowing sensitive information into the platform.
Information given to one agent or workflow could potentially be passed to other agents without clear user visibility.
The skill describes multi-agent orchestration, but does not define agent identities, permissions, data boundaries, or how information is shared between agents.
**Multi-Agent** — Orchestrate specialized agents for complex tasks
Confirm how the platform separates agents, scopes permissions, logs handoffs, and prevents unintended sharing of sensitive context.
The skill depends on a credential that may grant access to the user’s One Person Company account or workflows.
The API key requirement is clearly disclosed and appears expected for an external platform integration; the artifacts do not show hardcoding, logging, or unrelated use of the key.
requires":{"env":["ONEPERSON_API_KEY"]},"primaryEnv":"ONEPERSON_API_KEY"Use a scoped or revocable API key if available, store it securely, and revoke it if you stop using the skill.